
How To Spot A Phishing Email: Our 3 Key Steps

It’s 2019, and social media and email are being used at an all-time high, whilst phishing has become one of the most longstanding and dangerous methods of cyber crime. It tricks its victims into clicking links, downloading attachments or sending sensitive information through deceptive messages.

Now, you may think you know how to spot a fake email, but so do many others, and they still fall victim! According to Verizon’s 2019 Data Breach Investigations Report, there have been more than 40,000 security incidents this year.

Today, I’m going to tell you three simple ways in which you can detect a phishing email so you can spot one in the future! Also, keep an eye out on our social media as we plan to do a series of videos based on this topic.

Now listen, no legit organisation will contact you from an email address that ends in, let’s say, ‘@gmail.com’ – not even Google themselves! The best way to check an organisation’s domain name is to type the company’s name into a search engine. If you do happen to get an email from a random address, the end of the address will always give you some sort of indication of its legitimacy.

This makes phishing seem easy to spot! Believe me, there are plenty of cyber criminals with more tricks up their sleeve! When a criminal creates their fake email address, they’ll have the choice to select a display name, and this sometimes doesn’t have to relate to the email address at all! This means their fake email address will appear under a display name like Google in your inbox. These bogus email addresses will use the organisation’s name in the local part of the email address (the part before the ‘@’). For example, the email could look like:

ebay@notice-access-765.com

The above image is a flawless example of a phishing email. When a fake email uses the logo, in this case the eBay logo, it does look professional and the request looks believable. Although the email will try to replicate the real thing, there’s one huge thing you will be able to spot immediately: the sender’s email address.

Okay, so. Let’s take the eBay email example from earlier: eBay@notice-access-765.com. A genuine email from eBay would have had the organisation’s name in the domain name, and this would then have indicated that it had come from a genuine member of staff at eBay. The fact that eBay doesn’t come after the ‘@’ symbol gives you a huge indication that this email address is, in fact, fake.

Now, to throw you even further, some email addresses can have words misspelt, and you probably won’t recognise this straight away! Check for random capital letters and misplaced letters, for example exBay@notice-access-765.com.

To recap, check for the following:

  1. Does the company name come after the ‘@’ symbol?
  2. Have you researched the company to check if it’s legitimate?
  3. Does the email address contain spelling mistakes and misplaced letters?
  4. A suspicious looking link or attachment
  5. If you’re unsure if the link is fake, check with the sender
  6. Hover the mouse over the link to check the destination website’s URL matches the information set in the email
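
The sender checks above can also be automated. The Python below is an added example, not code from the original post: it applies them to a From header, and the `KNOWN_BRANDS` allow-list, the function names and the sample headers are assumptions constructed for illustration.

```python
from email.utils import parseaddr

# Assumed allow-list for this example: domains each brand really sends from.
KNOWN_BRANDS = {"ebay": {"ebay.com", "ebay.co.uk"}, "google": {"google.com"}}


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to catch near-miss spellings such as 'exbay'."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_sender(from_header: str) -> list[str]:
    """Return the warning signs found in a From header (empty list: none found)."""
    display, address = parseaddr(from_header)
    local, _, domain = address.lower().rpartition("@")
    if not local or not domain:
        return ["no parsable sender address"]
    findings = []
    for brand, domains in KNOWN_BRANDS.items():
        if any(domain == d or domain.endswith("." + d) for d in domains):
            continue  # the part after the '@' really belongs to this brand
        if brand in display.lower():
            findings.append(f"display name says '{brand}' but the domain is {domain}")
        if brand in local:
            findings.append(f"'{brand}' is before the '@', not in the domain")
        for token in [local, *domain.split(".")]:
            if edit_distance(token, brand) == 1:
                findings.append(f"'{token}' looks like a misspelling of '{brand}'")
    return findings


# Constructed sample headers based on the addresses discussed above.
SAMPLES = [
    "eBay <ebay@notice-access-765.com>",
    "exBay@notice-access-765.com",
    "eBay <members@reply.ebay.com>",
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(header, "->", check_sender(header) or "no warning signs")
```

A clean result only means the visible address looks right. The From header itself can be forged, which is what the SPF, DKIM and DMARC results on a message are for.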

The next key thing you need to look out for is suspicious attachments within the fake email. They come in many forms, so be aware of this; however, the one thing they’ll consistently have in common is that they’ll contain a payload. This could be anything from an infected attachment that you’re requested to download to a link to a website that requests something like a login or other sensitive information.

Again, I’m going to take the eBay email I spoke about at the beginning of the blog as an example. Can you see that at the bottom it has a blue box requesting the user to ‘Protect their account’? This means the user will have to click the bogus link and enter their login details, which will be disastrous. The user won’t realise that this is actually a bogus link and will click on it expecting to just enter their login details for the site. By the time they do this, it’ll be too late and the document will have unleashed malware onto the victim’s computer; this could perform any number of awful activities and would be critical.

Please ensure you don’t open any attachments unless you’re fully confident that the email is legitimate, and even then you still need to look out for a suspicious attachment or link. If you’re unsure, just contact the sender!

In the case of the eBay email, hover your mouse over the link. This will show you the destination web URL. For eBay it’ll have eBay.com, so be aware if this doesn’t match the email! Please be aware that some scammers hide the email address, so this isn’t always possible to see.

To recap, check for the following:

  1. A suspicious looking link or attachment
  2. If you’re unsure if the link is fake, check with the sender
  3. Hover the mouse over the link to check the destination website’s URL matches the information set in the email
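
The hover check can be done in code too, by reading each link's real destination instead of its visible text. This Python is an added example, not part of the original post: the `LinkCollector` and `suspicious_links` names and the HTML body are constructed for illustration, and the expected domain is supplied by the caller.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit


class LinkCollector(HTMLParser):
    """Collect (visible text, href) pairs for every <a> element in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:  # only record text that sits inside a link
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None


def suspicious_links(html_body: str, expected_domain: str) -> list[tuple[str, str]]:
    """Return (text, href) for links whose real destination is not expected_domain."""
    parser = LinkCollector()
    parser.feed(html_body)
    parser.close()
    flagged = []
    for text, href in parser.links:
        # The host in the href is what the browser shows on hover; links with no
        # host at all (for example mailto:) are flagged as well.
        host = (urlsplit(href).hostname or "").lower()
        if not (host == expected_domain or host.endswith("." + expected_domain)):
            flagged.append((text, href))
    return flagged


# Constructed sample body: a button link, a link whose text shows a different
# URL from its destination, and one genuine link.
SAMPLE_BODY = """
<p>Act now: <a href="http://notice-access-765.com/login">Protect your account</a></p>
<p><a href="http://ebay.com.notice-access-765.com/">https://www.ebay.com/signin</a></p>
<p><a href="https://www.ebay.com/help">Help pages</a></p>
"""

if __name__ == "__main__":
    for text, href in suspicious_links(SAMPLE_BODY, "ebay.com"):
        print(f"link text {text!r} really goes to {href}")
```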

This next key thing to look for in a scam email is probably going to be the biggest giveaway! As human beings, when we’re sent an email that doesn’t contain any urgency we tend to leave it. Scammers know this and will ensure the fake email requests you to ‘act now’. As you can see again in the first eBay email I showed you, this would appear to be very evident. In the workplace, scammers know that you will drop everything for a request from a more senior member of staff, so they’ll create a scam email in the form of a request from, let’s say, a manager or boss. You need to make sure you’re very aware of this.

To recap, check for the following:

  1. A complete sense of urgency. The email will push you to enter in crucial details.

What to do if you think you’ve been caught out

If you have noticed the signs spoken about above then please let us know as soon as possible. We’ll assist with resetting passwords, checking for signs of a hacked account, checking your email flow and advising you on who to alert in the case of them being sent fake emails!

Alternatively we offer an ethical hacking service where a member of the team will send an email to your staff members to test their knowledge on fake emails and see if they’re alert upon receiving it!

All you have to do is contact us on:

Telephone: 0800 01 999 34 

Email: support@pcparamedics.it
